Do internal intranet websites need to be secure?


Solution 1

If the content on your network is sensitive and there are users who do not have the privileges required to view some or all of that content, then you will want to use SSL on your intranet. Fortunately, setting up SSL on your intranet isn't difficult, and you can use a self-signed certificate since there is no need to verify your company's identity.
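
One way to do the setup this answer describes on IIS, as an added example that is not part of the original answer. The site name, host name and export path are assumptions; the script also exports the certificate because clients have to trust a self-signed certificate explicitly before browsers accept it without warnings.

```powershell
#Requires -RunAsAdministrator
# Added example: enable HTTPS on an intranet IIS site with a self-signed certificate.
Import-Module WebAdministration

$siteName = 'Default Web Site'          # assumption: name of the IIS site
$hostName = 'intranet.example.local'    # assumption: internal DNS name users type
$cerPath  = 'C:\Temp\intranet.cer'      # assumption: where to export the public cert

# 1. Create a self-signed server certificate in the machine's personal store.
$cert = New-SelfSignedCertificate -DnsName $hostName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(1)

# 2. Add an HTTPS binding on port 443 if the site has none, then attach the cert.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}
(Get-WebBinding -Name $siteName -Protocol https -Port 443).AddSslCertificate($cert.Thumbprint, 'My')

# 3. Require SSL so the site refuses plain-HTTP requests, including the
#    ones that would otherwise carry Windows or Basic credentials.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# 4. Export the public certificate (no private key) for distribution to clients.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# On each client, or through Group Policy, trust the exported certificate:
# Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root'
```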

Solution 2

Whenever you use Windows passwords to log on, you should also use SSL. (This is more vital if you allow basic auth.) This is to avoid privilege escalation both for your own users and as a multilayered security strategy.

Solution 3

If you have open wireless access for your visitors on the same network, and it's not served over https then it's easy for visitors to intercept other people's network traffic to your intranet.

Author: v01d


Updated on September 18, 2022

Comments

  • v01d
    v01d over 1 year

    The question is in the title.

    Does an internal site need to have https security?

    For example we have an internal site that handles our client's license keys -- do we need for that to be secure since it is on our internal network?
    (The website is secured with IIS and Windows user validation)

  • v01d
    v01d almost 13 years
    The website is secured with IIS and Windows user validation (but no https)
  • John Conde
    John Conde almost 13 years
    That will limit who can get into the network but won't prevent packet sniffing on the network.
  • v01d
    v01d almost 13 years
    But the only people who can get to the network are people who have direct access to our wired network.
  • John Conde
    John Conde almost 13 years
    @Neal, Just because the users may have a higher level of trust versus users of a public facing website doesn't mean sensitive content shouldn't be protected as much as possible. Lots of hacking and theft occur from within a company's own walls, virtual or real.
  • Nelson
    Nelson over 12 years
    100% agree. We have a WordPress installation on our intranet which authenticates against Active Directory, so it's protected with SSL.